1. Field of the Invention
The present invention relates to an individual authentication (attestation) method for portable communication equipment such as a cellular phone, PDA (Personal Digital Assistant) or the like, and a program product for implementing the individual authentication method.
2. Description of the Related Art
Recently, individual authentication for various applications containing electronic business using cellular phones has increased in importance. The conventional individual authentication using cellular phones has used input of personal identification numbers (passwords) as individual authenticating (attesting) means, and it has been considered to bring the cellular phones with an individual authenticating function based on biometrics as means having high security level. Fingerprint authentication has higher authentication precision among these biometrics authenticating means, and it has been expected as one of means having a good possibility that it is available in cellular phones from the aspect of the price, size, etc. of sensors.
However, the above conventional technique has the following disadvantages.
A first disadvantage resides in that in the conventional individual authentication method based on the personal identification number (PIN) inputting manner, there is a high risk that the personal identification number is stolen by another person, so that this method is insufficient in safety for electronic business, etc. which need high security level.
A second disadvantage resides in that in the conventional individual authentication method based on the personal identification number (PIN) inputting manner, as the digit number of the personal identification number is increased to enhance the security level, it is more unavailable and the probability that a user forgets his/her personal identification number is higher.
A third disadvantage resides in that in the conventional individual authentication method using a relatively cheap fingerprint sensor, it is impossible to achieve a high-quality fingerprint image stably and thus it is needed to input a fingerprint many times until a fingerprint suitable for authentication is achieved in order to enhance the authentication precision, so that this method is unavailable.
Japanese Laid-open Patent Publication No. 2000-076412 discloses a technique on a card to enhance the precision of identification of a person to be authenticated by using fingerprint authentication in combination with his/her personal identification number to identify the person concerned, Japanese Laid-open Patent Publication No. 2001-144748 discloses a technique of generating an enciphering key and a deciphering key on the basis of combination data of living body information such as a fingerprint and a password, Japanese Laid-open Patent Publication No. Sho-59-9775 discloses a technique on a magnetic card that has a secrete number recorded therein and has a fingerprint press portion onto which a fingerprint is impressed, and Japanese Laid-open Patent Publication No. Hei-4-352548 discloses a portable telephone which reads in the telephone number of a transactor by authenticating his/her fingerprint.
Particularly, Japanese Laid-open Patent Publication No. 2000-076412 and Japanese Laid-open Patent Publication No. 2001-144748 disclose techniques of keeping high security by using the input of the personal identification number and the fingerprint authentication in combination with each other. There is no description about unavailability of a fingerprint sensor in these publications. Further, when these techniques are used for authentication of a single function such as a credit card or the like, there is no problem in usability even if only one level is provided as the security level. However, in the case of the cellular phone, authentication in different security levels is needed for various situations from such a situation that a user needs permission of change of a simple setting to such a situation that a user needs authentication of electronic commerce. If such situations are supported by using only one security level, the security level must be set to the highest security level, so that these techniques are unavailable particularly when the permission of change of a simple setting is required.
Conventional cellular phones have some functions needing input of personal identification numbers, however, the security levels to be required are not so high. However, since it is expected that functions needing higher security levels such as electronic commerce will be equipped to cellular phones, it is required to bring plural security levels in accordance with the importance level of each function.